I have a CakePHP 3.6.13 project with the DebugKit (3.16.5) and Authorization (1.0.0) plugins enabled (and the Authentication 1.0.1 plugin).
The DebugKit bar doesn't load in development, with the server returning: "The request to /debug-kit/toolbar/5b7dae82-9c94-48df-a16b-fbf13bd97045 did not apply any authorization checks." That makes sense, but how do I get requests to DebugKit to pass authorization without affecting authorization for the rest of the site?
Using the RequestPolicy example works for plugin === DebugKit requests, but then my public actions (defined with skipAuthorization) aren't authorized anymore or, more precisely, I don't know how to authorize them.
As ndm suggested, I conditionally added the Authorization Middleware when the request was not for the DebugKit plugin. I added this to my Application.php middleware function:
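    // At the top of Application.php:
    use Authorization\Middleware\AuthorizationMiddleware;
    use Psr\Http\Message\ResponseInterface;
    use Psr\Http\Message\ServerRequestInterface;

    // In middleware(); must run after the routing middleware, which sets the 'plugin' param:
    $auth = new AuthorizationMiddleware($this);
    $middlewareQueue
        ->add(function (ServerRequestInterface $request, ResponseInterface $response, callable $next) use ($auth) {
            // Apply authorization to everything except requests routed to the DebugKit plugin.
            if ($request->getParam('plugin') !== 'DebugKit') {
                return $auth($request, $response, $next);
            }
            return $next($request, $response);
        });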
Not sure if this is the recommended way, but it seems to be working.
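
Added example, not part of the original post and not code from the CakePHP project: the same conditional wrapper written as a middleware class that also requires debug mode to be on, so the DebugKit exemption fails closed when debug is off. The class name `DebugKitAwareAuthorization`, its namespace and its file location are assumptions made for illustration.

```php
<?php
// Hypothetical file: src/Middleware/DebugKitAwareAuthorization.php (added example)
namespace App\Middleware;

use Authorization\Middleware\AuthorizationMiddleware;
use Cake\Core\Configure;
use Cake\Http\ServerRequest;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;

class DebugKitAwareAuthorization
{
    /** @var \Authorization\Middleware\AuthorizationMiddleware */
    private $authorization;

    public function __construct(AuthorizationMiddleware $authorization)
    {
        $this->authorization = $authorization;
    }

    public function __invoke(ServerRequestInterface $request, ResponseInterface $response, $next)
    {
        if ($this->isDebugKitRequest($request)) {
            // Development-only path: hand the request on without authorization checks.
            return $next($request, $response);
        }
        // Every other request goes through the Authorization plugin's middleware,
        // so skipAuthorization() and policy checks behave as before.
        $authorization = $this->authorization;

        return $authorization($request, $response, $next);
    }

    private function isDebugKitRequest(ServerRequestInterface $request)
    {
        // Fail closed: with debug off, no request is ever exempted.
        if (!Configure::read('debug')) {
            return false;
        }
        // The 'plugin' param only exists once the routing middleware has run.
        return $request instanceof ServerRequest
            && $request->getParam('plugin') === 'DebugKit';
    }
}

// In Application::middleware(), after the routing middleware:
// $middlewareQueue->add(new DebugKitAwareAuthorization(new AuthorizationMiddleware($this)));
```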